Learn to configure Google Workspace Business and Education editions with Symantec Email Security.cloud as your outbound email gateway.

To scan email from external sources, you must register the IP addresses or mail hosts of the points of entry into your network. These points of entry may be firewalls, routers, mail servers, or a public hosted cloud service.

The public hosted cloud services that we support are Google's Google Workspace Email and Microsoft Office 365. This information is for guidance only. You must retrieve up-to-date information from your public hosted service account to ensure accuracy. Your account information in the Google Google Workspace portal provides the inbound route information that you need to enter into the Email Security Services portal.

Outbound mail configuration

1. In the Symantec.cloud portal, navigate to Services > Email Services > Outbound Routes.
2. Click Hosted Email Services.
3. From the Select hosted email services drop-down, select Google Apps.
4. Click Add.

The Symantec.cloud infrastructure uses Google's SPF record to verify Google's IP address ranges for outbound SMTP. Once you have completed these steps, allow up to 1 hour for the changes to replicate across the Email Security.cloud infrastructure. See Set up an outbound mail gateway on Google.com for more information.

Implement SPF records

A Sender Policy Framework (SPF) record is a type of Domain Name Service (DNS) TXT record that identifies which mail servers are permitted to send email on behalf of a domain. SPF records detect and prevent spammers from sending messages with forged "From" addresses on a domain.

Symantec recommends that you include Email Security.cloud references in your SPF Record, even if your email is not generally routed outbound through Symantec.cloud. Including these references help prevent situations where email flows through Symantec servers for other reasons, such as email sent to another customer.

Implementing the SPF record also helps Symantec.cloud more accurately detect spoofed messages that pretend to be from your domain.

See Implement SPF records in Email Security.cloud

Note: Make sure to set the TXT record TTL to the lowest possible to allow quick replication across DNS servers. It may take up to 24 hours for the TXT record to replicate across the internet.

Force Google Workspace internal routing

This will force internal routing for all domains provisioned to use Google Workspace services.

1. In the Google Workspace Management Console, navigate to Apps > Google Workspace > Gmail > Routing.
2. In the Routing section, under Routing, click Add Another rule.
3. Enter a description: Force Internal Routing for domains provisioned to use Google Workspace Services.
4. Under Messages to affect, select Internal - Sending.
5. Under Route, click the Change Route drop-down, and then select Google Internal MX.
6. Click Add Setting.

Route outbound mail using Email Security.cloud service

1. In the Google Workspace Management Console, navigate to Apps > Google Workspace > Gmail > Routing.
2. In the Routing section, under Outbound gateway, type the outbound email SMTP hostname provided in the domain provisioning email sent by Symantec. This email contains the subject "Domain MX record and outbound scanning instructions". For example: clusterXout.us.messagelabs.com where X represents the cluster number 
3. Click Save.